Home > News > Top Stories > New Audit Resources from ISACA Help Professionals Keep Pace with 2022 Audit and Compliance Trends and Updates

Server Virtualization

New Audit Resources from ISACA Help Professionals Keep Pace with 2022 Audit and Compliance Trends and Updates

As the year winds down, many audit professionals are shifting their focus to 2022 priorities—including developing dynamic new strategies such as agile auditing, revisiting established technologies from a remote or hybrid working environment perspective, and closing any gaps between compliance expectations and current practices—and how they can enhance their skills to meet the needs of the evolving audit landscape. To meet these needs, ISACA has released three new audit resources—its VPN Security Audit Program, Destination: Agile Auditing white paper, and a new edition of its IT Control Objectives for Sarbanes-Oxley publication.

During the pandemic, the reliance on virtual private networks (VPNs) was heightened as many shifted to working from home—as did the need to manage its risks and implement safeguards. ISACA’s VPN Security Audit Program provides a foundation for auditors to provide assurance around the effectiveness of implemented VPN controls, including pre-audit planning, governance and oversight, implementation and configuration, operations, and maintenance and monitoring, to avoid some of the following risks:

  • The increase in number of end users combined with extended VPN use may put additional pressure on infrastructure and adversely affect performance.
  • Failure to detect unauthorized VPN activity may cause denial of service due to excessive traffic or connection attempts.
  • Lack of alignment of data classification requirements with VPN requirements and configuration may impair compliance initiatives that are reliant on data classification.

During the pandemic, organizations embraced methods to increase agility and efficiency, including by using Agile. Destination: Agile Auditing outlines how audit professionals can incorporate Agile principles into their audit methodologies. Auditors can learn the basics about Agile auditing, its benefits, how Agile complements established assurance standards, how developing competency in Agile can enhance the planning, fieldwork, and reporting phases of an audit. The white paper also includes examples of elements from the Agile tool set, including an Agile road map and Agile audit engagement workflows and illuminates key components like sprints, audit backlog and daily standups.

Internal and external auditors, IT auditors and managers, and financial and operational managers can also ensure they are keeping up with the latest guidance in complying with the Sarbanes-Oxley Act in a new edition of ISACA’s IT Control Objectives for Sarbanes-Oxley publication. This latest edition incorporates updated guidance and standards from the Public Company Accounting Oversight Board (PCAOB) and the American Institute of CPAs (AICPA) and its Auditing Standards Board, with updates including:

  • Integrating guidance for implementing internal control over financial reporting (ICFR) using COBIT® 2019, for IT and financial management within enterprises and for their internal and external auditors and consultants
  • Aligning with COBIT 2019 Focus Area: Information & Technology Risk
  • Providing the mapping of the role of COSO Internal Control – Integrated Framework, 2013 to COBIT 2019
  • Highlighting technological innovations and their impacts on auditing IT controls.

The audit landscape is constantly shifting as technologies and regulations evolve, making it essential that audit professionals prioritize continuous learning to ensure they are applying the most current and effective audit practices. ISACA is committed to equipping the global audit community with the tools they need to deliver the highest audit standards at their organizations.”

Robin Lyons, IT Audit Professional Practices Lead

About ISACA
For more than 50 years, ISACA has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organizations, and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organization that leverages the expertise of its more than 150,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including more than 220 chapters worldwide. In 2020, ISACA launched One In Tech, a philanthropic foundation that supports IT education and career pathways for under-resourced, under-represented populations.

Spotlight

More featured news

Spotlight

Related News

Virtual Server Infrastructure

Scale Computing Offers Simple, Secure, Reliable IT Infrastructure to Combat 'Zombie' Technology

PR Newswire | October 10, 2023

Scale Computing, a market leader in edge computing, virtualization, and hyperconverged solutions, today announced its new campaign targeting outdated, 'zombie-like' infrastructure and calling on organizations to learn more about Scale Computing Platform's (SC//Platform) future-ready solutions. Between now and November 4, 2023, end users in North America and Europe, Middle East, and Africa (EMEA) can register for the company's free Zombie Apocalypse Essentials Kit, containing a water bottle, lantern, and powerbank. "IT managers are increasingly dealing with unreliable, inflexible, and inefficient systems. Instead of being haunted by outdated and traditional infrastructure, we invite users to learn more about Scale Computing and our Scale Computing Platform. SC//Platform brings together simplicity and scalability, replacing existing outdated infrastructure and providing high availability for running workloads in a single, easy-to-manage platform, while leveraging our patented self-healing technology to maintain maximum uptime for all applications," said Jeff Ready, CEO and co-founder of Scale Computing. October is Cybersecurity Awareness Month, dedicated to raising awareness about the importance of digital security and protecting personal data. As cyberattacks become more sophisticated, maintaining modern infrastructure with a powerful cybersecurity stance is key to keeping critical business applications and data secured. Scale Computing's campaign aims to help businesses fortify their defenses against the three blood-thirsty 'zombies' that commonly haunt outdated, traditional three-tier infrastructure Dreadful Downtime — an unreliable network that causes unexpected and expensive downtime for an organization Mangled Management — disparate technology systems, managed across multiple platforms, that make upgrades, patching, and overall management unnecessarily time- consuming Creeping Complexity — old and outdated systems across multiple locations that make scaling overly complicated SC//Platform provides infrastructure that is simple, secure, scalable, and reliable. With SC//Fleet Manager, the industry's first cloud-hosted monitoring and management tool built for hyperconverged edge computing infrastructure at scale, customers can quickly identify areas of concern using a single pane of glass, scaling from 1 to over 50,000 clusters. Zero-touch provisioning and Secure Link features allow administrators to centrally and securely monitor and manage hundreds or thousands of distributed edge infrastructure deployments, with few or no on-site IT personnel. About Scale Computing Scale Computing is a leader in edge computing, virtualization, and hyperconverged solutions. Using patented HyperCore™ technology, Scale Computing Platform automatically identifies, mitigates, and corrects infrastructure problems in real-time, enabling applications to achieve maximum uptime, even when local IT resources and staff are scarce. Edge Computing is the fastest-growing area of IT infrastructure, and industry analysts have named Scale Computing an outperformer and leader in the space, including being named the #1 edge computing vendor by CRN. Scale Computing's products are sold by thousands of value-added resellers, integrators, and service providers worldwide.

Read More

Backup and Disaster Recovery

Expedient Announces Partnership with Kyndryl to Deliver Disaster Recovery as a Service

PR Newswire | October 03, 2023

Expedient, a Full-Stack Cloud Service Provider, announced a partnership with Kyndryl the world's largest IT infrastructure services provider. Through this collaboration, Expedient's robust data center colocation and cloud infrastructure will enhance Kyndryl's industry-leading cyber resilience offerings to customers. By joining forces with Kyndryl, Expedient is extending the reach of its state-of-the-art data center colocation and cloud infrastructure known for its reliability, scalability, and security capabilities. Expedient's award-winning infrastructure is an integral element of its Cloud Different™ multi-cloud services and is delivered across a nationwide network of highly interconnected data centers. Infrastructure is available in dedicated, private cloud, and VMware-based Expedient Enterprise Cloud configurations to meet the needs of customers and prospects across regions and industries. This partnership will enable Expedient and Kyndryl to extend the reach and effectiveness of security and cyber resilience services to a wider range of customers, helping organizations across various industries strengthen and fortify their cybersecurity posture while further mitigating the risks associated with data breaches. "We are excited to partner with Kyndryl, a company known for its excellence in cybersecurity services, cyber resilience services and Disaster Recovery as a Service," said Dennis Musolino, Chief Revenue Officer of Expedient. "Expedient has a more than 20-year history and expertise in delivering unmatched disaster recovery and data center infrastructure solutions. We are proud and excited to be providing our data center and cloud infrastructure to help augment the comprehensive resiliency services that Kyndryl delivers to its array of clients nationally. Together, we will empower businesses to proactively protect their digital assets and maintain operational resilience in an increasingly complex digital landscape." "We're dedicated to helping customers navigate their ever-evolving cybersecurity challenges," said James Carrigan, Jr., VP, US Security Practice Leader at Kyndryl. "Partnering with Expedient will allow us to further provide our customers with access to a flexible, robust and security-rich infrastructure that supports their cybersecurity and cyber resilience needs and enables the uptime and availability of their most critical applications." About Expedient Expedient is a full stack cloud service provider, helping companies transform their IT operations through award-winning multi-cloud solutions and managed infrastructure services including enterprise cloud, disaster recovery, virtual desktop infrastructure, data center colocation, edge computing, security and compliance, and more. The company's Cloud Different™️ approach provides an on-ramp to the cloud, supporting the optimization and delivery of all applications. Named VMware's Americas Cloud Partner of the Year and acknowledged in Gartner's Magic Quadrant for Disaster Recovery as a Service, Expedient eases a customer's transition to the cloud by providing curated and bundled best of breed solutions backed by "white glove" services and support. Expedient data centers are compliant with a variety of regulatory mandates, including the Health Insurance Portability and Accountability Act (HIPAA) as well as the Payment Card Industry Data Security Standard (PCI DSS) service.

Read More

Server Virtualization, VMware

StorMagic Introduces Edge Control Software to Simplify SvSAN Monitoring and Management

Business Wire | October 18, 2023

StorMagic®, solving the world’s edge data problems, today announced the immediate availability of a new Software as a Service (SaaS) tool that allows users to easily monitor and manage all of their SvSAN clusters around the world. StorMagic Edge Control simplifies the process and tools required for day-to-day SvSAN cluster administration. SvSAN customers with multiple locations can significantly reduce the time spent managing their edge sites, whether they are using VMware, Microsoft or KVM hypervisors. “ESG research shows increasing demand for data storage at the edge which fuels an increased need for monitoring solutions that can help address the complexity of storage at the edge,” said Scott Sinclair, practice director at Enterprise Strategy Group. “SvSAN customers can greatly benefit by adding StorMagic Edge Control into their toolkits; the dashboard views and list formats will make centralized data management much easier and more accessible.” Edge Control delivers centralized administration for SvSAN environments of all sizes. Customers can now manage all SvSAN deployments in any location from a single pane of glass. Dashboard and system views provide a fast but comprehensive status of all of their virtual storage appliances (VSAs), allowing them to keep their environment up-to-date more easily and react faster as needed. “StorMagic customers of any size can now manage their entire SvSAN estate, whether it’s one site or thousands of sites around the world,” said Bruce Kornfeld, chief marketing and product officer, StorMagic. “Edge Control is particularly interesting for customers who are considering switching from VMware to Microsoft or Linux KVM because SvSAN and Edge Control are both hypervisor agnostic.” Pricing and Availability Edge Control version 1.0 is available today from StorMagic. SvSAN customers can download and begin using the software immediately, free of charge. About StorMagic StorMagic is solving the world’s edge data problems. We help organizations store, protect and use data at and from the edge. StorMagic’s solutions ensure data is always protected and available, no matter the type or location, to provide value anytime, anywhere. StorMagic’s storage and security products are flexible, robust, easy to use and cost-effective, without sacrificing enterprise-class features, for organizations with one to thousands of sites.

Read More

Virtual Server Infrastructure

Scale Computing Offers Simple, Secure, Reliable IT Infrastructure to Combat 'Zombie' Technology

PR Newswire | October 10, 2023

Scale Computing, a market leader in edge computing, virtualization, and hyperconverged solutions, today announced its new campaign targeting outdated, 'zombie-like' infrastructure and calling on organizations to learn more about Scale Computing Platform's (SC//Platform) future-ready solutions. Between now and November 4, 2023, end users in North America and Europe, Middle East, and Africa (EMEA) can register for the company's free Zombie Apocalypse Essentials Kit, containing a water bottle, lantern, and powerbank. "IT managers are increasingly dealing with unreliable, inflexible, and inefficient systems. Instead of being haunted by outdated and traditional infrastructure, we invite users to learn more about Scale Computing and our Scale Computing Platform. SC//Platform brings together simplicity and scalability, replacing existing outdated infrastructure and providing high availability for running workloads in a single, easy-to-manage platform, while leveraging our patented self-healing technology to maintain maximum uptime for all applications," said Jeff Ready, CEO and co-founder of Scale Computing. October is Cybersecurity Awareness Month, dedicated to raising awareness about the importance of digital security and protecting personal data. As cyberattacks become more sophisticated, maintaining modern infrastructure with a powerful cybersecurity stance is key to keeping critical business applications and data secured. Scale Computing's campaign aims to help businesses fortify their defenses against the three blood-thirsty 'zombies' that commonly haunt outdated, traditional three-tier infrastructure Dreadful Downtime — an unreliable network that causes unexpected and expensive downtime for an organization Mangled Management — disparate technology systems, managed across multiple platforms, that make upgrades, patching, and overall management unnecessarily time- consuming Creeping Complexity — old and outdated systems across multiple locations that make scaling overly complicated SC//Platform provides infrastructure that is simple, secure, scalable, and reliable. With SC//Fleet Manager, the industry's first cloud-hosted monitoring and management tool built for hyperconverged edge computing infrastructure at scale, customers can quickly identify areas of concern using a single pane of glass, scaling from 1 to over 50,000 clusters. Zero-touch provisioning and Secure Link features allow administrators to centrally and securely monitor and manage hundreds or thousands of distributed edge infrastructure deployments, with few or no on-site IT personnel. About Scale Computing Scale Computing is a leader in edge computing, virtualization, and hyperconverged solutions. Using patented HyperCore™ technology, Scale Computing Platform automatically identifies, mitigates, and corrects infrastructure problems in real-time, enabling applications to achieve maximum uptime, even when local IT resources and staff are scarce. Edge Computing is the fastest-growing area of IT infrastructure, and industry analysts have named Scale Computing an outperformer and leader in the space, including being named the #1 edge computing vendor by CRN. Scale Computing's products are sold by thousands of value-added resellers, integrators, and service providers worldwide.

Read More

Backup and Disaster Recovery

Expedient Announces Partnership with Kyndryl to Deliver Disaster Recovery as a Service

PR Newswire | October 03, 2023

Expedient, a Full-Stack Cloud Service Provider, announced a partnership with Kyndryl the world's largest IT infrastructure services provider. Through this collaboration, Expedient's robust data center colocation and cloud infrastructure will enhance Kyndryl's industry-leading cyber resilience offerings to customers. By joining forces with Kyndryl, Expedient is extending the reach of its state-of-the-art data center colocation and cloud infrastructure known for its reliability, scalability, and security capabilities. Expedient's award-winning infrastructure is an integral element of its Cloud Different™ multi-cloud services and is delivered across a nationwide network of highly interconnected data centers. Infrastructure is available in dedicated, private cloud, and VMware-based Expedient Enterprise Cloud configurations to meet the needs of customers and prospects across regions and industries. This partnership will enable Expedient and Kyndryl to extend the reach and effectiveness of security and cyber resilience services to a wider range of customers, helping organizations across various industries strengthen and fortify their cybersecurity posture while further mitigating the risks associated with data breaches. "We are excited to partner with Kyndryl, a company known for its excellence in cybersecurity services, cyber resilience services and Disaster Recovery as a Service," said Dennis Musolino, Chief Revenue Officer of Expedient. "Expedient has a more than 20-year history and expertise in delivering unmatched disaster recovery and data center infrastructure solutions. We are proud and excited to be providing our data center and cloud infrastructure to help augment the comprehensive resiliency services that Kyndryl delivers to its array of clients nationally. Together, we will empower businesses to proactively protect their digital assets and maintain operational resilience in an increasingly complex digital landscape." "We're dedicated to helping customers navigate their ever-evolving cybersecurity challenges," said James Carrigan, Jr., VP, US Security Practice Leader at Kyndryl. "Partnering with Expedient will allow us to further provide our customers with access to a flexible, robust and security-rich infrastructure that supports their cybersecurity and cyber resilience needs and enables the uptime and availability of their most critical applications." About Expedient Expedient is a full stack cloud service provider, helping companies transform their IT operations through award-winning multi-cloud solutions and managed infrastructure services including enterprise cloud, disaster recovery, virtual desktop infrastructure, data center colocation, edge computing, security and compliance, and more. The company's Cloud Different™️ approach provides an on-ramp to the cloud, supporting the optimization and delivery of all applications. Named VMware's Americas Cloud Partner of the Year and acknowledged in Gartner's Magic Quadrant for Disaster Recovery as a Service, Expedient eases a customer's transition to the cloud by providing curated and bundled best of breed solutions backed by "white glove" services and support. Expedient data centers are compliant with a variety of regulatory mandates, including the Health Insurance Portability and Accountability Act (HIPAA) as well as the Payment Card Industry Data Security Standard (PCI DSS) service.

Read More

Server Virtualization, VMware

StorMagic Introduces Edge Control Software to Simplify SvSAN Monitoring and Management

Business Wire | October 18, 2023

StorMagic®, solving the world’s edge data problems, today announced the immediate availability of a new Software as a Service (SaaS) tool that allows users to easily monitor and manage all of their SvSAN clusters around the world. StorMagic Edge Control simplifies the process and tools required for day-to-day SvSAN cluster administration. SvSAN customers with multiple locations can significantly reduce the time spent managing their edge sites, whether they are using VMware, Microsoft or KVM hypervisors. “ESG research shows increasing demand for data storage at the edge which fuels an increased need for monitoring solutions that can help address the complexity of storage at the edge,” said Scott Sinclair, practice director at Enterprise Strategy Group. “SvSAN customers can greatly benefit by adding StorMagic Edge Control into their toolkits; the dashboard views and list formats will make centralized data management much easier and more accessible.” Edge Control delivers centralized administration for SvSAN environments of all sizes. Customers can now manage all SvSAN deployments in any location from a single pane of glass. Dashboard and system views provide a fast but comprehensive status of all of their virtual storage appliances (VSAs), allowing them to keep their environment up-to-date more easily and react faster as needed. “StorMagic customers of any size can now manage their entire SvSAN estate, whether it’s one site or thousands of sites around the world,” said Bruce Kornfeld, chief marketing and product officer, StorMagic. “Edge Control is particularly interesting for customers who are considering switching from VMware to Microsoft or Linux KVM because SvSAN and Edge Control are both hypervisor agnostic.” Pricing and Availability Edge Control version 1.0 is available today from StorMagic. SvSAN customers can download and begin using the software immediately, free of charge. About StorMagic StorMagic is solving the world’s edge data problems. We help organizations store, protect and use data at and from the edge. StorMagic’s solutions ensure data is always protected and available, no matter the type or location, to provide value anytime, anywhere. StorMagic’s storage and security products are flexible, robust, easy to use and cost-effective, without sacrificing enterprise-class features, for organizations with one to thousands of sites.

Read More

More featured news